Microsoft reverses course on Edge password handling but denies users were ever at risk

Microsoft Edge is set to change how it handles passwords, specifically how they are loaded into memory during startup. The decision follows a security researcher’s findings, which highlighted the browser’s previous behavior of loading all passwords into memory in plaintext.

Enhancing Security Protocols

In a recent blog post, Microsoft emphasized the importance of prioritizing security, encapsulating their philosophy with the adage, “better safe than sorry.” The company acknowledged that while the existing method of handling passwords was not classified as a security risk, there was room for improvement. They stated, “Based on our existing criteria, this behavior falls within the expected threat model, since the risk begins after an attacker has already compromised the device. At the same time, we believe there’s opportunity to improve.”

With the forthcoming update, which will elevate Edge to version 148, the browser will no longer load passwords into memory at startup. This change is already operational in the Canary Channel of Edge and is expected to be available to all users shortly.

This development is intriguing, as it reflects a dual approach: Microsoft maintains that the previous behavior did not pose a serious security threat, yet the company is proactively changing it. The move not only enhances user security but also demonstrates Microsoft’s commitment to continuously refining its products in response to evolving security standards.

